Do you need a degree for working in cybersecurity?

I have been looking into the field of cybersecurity as a career path and because I'm still a highschool student I was wondering if I'd need a degree to work as a penetrtion tester for example or if there are more important qualification's or alternatives.

Comments

  • ElitisElitis S+ Pentest+ CCENT CCNA eJPT eCPPT OSCP Member Posts: 49 ■■■□□□□□□□
    You can generally get by in Cybersecurity and IT without a degree up until you're about to hit management. And by "get by", I mean spend a few years working your way up the food chain. That said, a lot of people usually get into Cybersecurity after some time in IT. I've heard of people going straight into it by utilizing internships while in school, so that may be a path available as well. As for Pentesting, there are very few exceptions here (and for good reason). The most typical path is usually a few years of IT (including Help Desk) and then a few years doing blue team work. You may be able to go from IT (beyond help desk) directly into a pentesting role, but this isn't extremely common.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,076 Admin
    edited January 21
    Pentesting is one of the InfoSec fields where you are often looked down upon by other pentesters if you have degrees or certs. You find a lot of very smart, creative, and obsessive people who can't hack academics being attracted to pentesting and forming mainstream-education-hating cliques. You see these people en masse at security conferences like DEF CON. They value what you can say and do and have achieved over what paper you have hanging on your cubical wall. You just need to hope the managers that hire pentesters think the same way. ;)
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,020 ■■■■■■■■□□
    edited January 21
    In my opinion some good Certifications will get you a a lot more mileage then a four year degree. College tuition at a 4 year in-state public college is around 11k a year, that's 44k over four years. At this time, each SANS course and certification is $7,800, So say if you had a GCIH, GPEN and  GXPN, the cost would be $23,400, I say that would get you a lot more attention on a resume than a college degree with no certifications. (Assuming no experience for both candidates). In theory you could obtain all three certification in under a year. Also note that a GXPM is a 600 level course, very difficult exam to pass.    
    Still searching for the corner in a round room.
  • ElitisElitis S+ Pentest+ CCENT CCNA eJPT eCPPT OSCP Member Posts: 49 ■■■□□□□□□□
    JDMurray said:
    Pentesting is one of the InfoSec fields where you are often looked down upon by other pentesters if you have degrees or certs. You find a lot of very smart, creative, and obsessive people who can't hack academics being attracted to pentesting and forming mainstream-education-hating cliques. You see these people en masse at security conferences like DEF CON. They value what you can say and do and have achieved over what paper you have hanging on your cubical wall. You just need to hope the managers that hire pentesters think the same way. ;)
    Note to self: go to def con before (maybe) getting a degree. 
  • changlinnchanglinn Member Member Posts: 38 ■■■□□□□□□□
    Second what TechGromit said. I am a hiring manager, and have hired plenty of Analysts, admins and recent a penetration tester. The pentester did have a degree, but that wasn't the reason he got the job, it was his OSCP, and active research and extra-curricular training. Most of the Analysts I've hired had degrees, but then again they also had other demonstrated experience and hobbies. I hired internally an analyst recently with no degree, and very little professional experience, but as he was internal we knew about him entering CTF's and the lab he had at home. The problem is often getting past HR or recruiters. For this more often than not, certs are enough except for management and exec levels.
    I also had a couple of interns from Masters programs around the place, almost all of them haven't been as good as the recent analyst with no degree.

    A+, C|EH, CISSP, CISM, CRISC, GSTRT, MCSA:Messaging, MCSE:Security
    "Brain does not meet certification requirements, please install more certifications" Me
    Currently Studying: Cyber Security masters and ISC2 CCSP.
    Security blog; http://security.morganstorey.com
Sign In or Register to comment.